Support Slim like Haml

[brynary]

Slim (http://slim-lang.com/) is an increasingly popular template language that is similar to Haml. I use it for Code Climate, and I know a number of my customers do as well.

Currently Brakeman skips all Slim templates. I think this would be pretty easy to fix, since it already supports Haml.

This would probably be a good time to refactor the template processing code a bit as well. @presidentbeef -- How do you feel about the test coverage of that area?

[oreoshake]

That's two votes for slim

[presidentbeef]

It's come up before. Unfortunately, it's similarity to Haml is not any kind of advantage, because Brakeman works on the generated code, not the template code. My concern previously was that it seems too configurable. However, it may be the case that when used with Rails everyone uses the same options? If so, I can see about supporting it.

How do you feel about the test coverage of that area?

Very frightened. There are lots of little fickle details.

[brynary]

Yeah, from my experience using it usually it's just drop in the slim-rails gem and go, so hopefully the configs are all the same.

That reminds me -- A few times I've seen some Haml internals seeming to creep into the code snippets. Is that expected or bug? If bug, I'll try to catch it sometime and report.

[presidentbeef]

Probably bug, please report.

[goodwink]

I'd also like to see this supported and would be willing to lend a hand in the effort, it's my biggest hole as far as my security confidence goes on each of my newer apps using slim.

[oreoshake]

@brynary @goodwink we have a conf call tomorrow at 11am PST where we could discuss things like this. Interested? We're trying to make it a regular thing too fwiw ☎️

[oreoshake]

Ooops, NEXT wednesday.

[presidentbeef]

Slim support is definitely doable (again, assuming people almost always use the defaults - Slim is very flexible) - but it would really help to have a real application to use for testing.

[brynary]

I can test against the Code Climate app and report feedback, though it's
closed source. For something OSS, maybe we could expand a test app in the
Brakeman repo?

On Tue, Jan 15, 2013 at 7:45 PM, Justin notifications@github.com wrote:

Slim support is definitely doable (again, assuming people almost always
use the defaults - Slim is very flexible) - but it would really help to
have a real application to use for testing.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/214#issuecomment-12298294.

[presidentbeef]

Naturally we would add slim to the Brakeman test apps, but a real application is way better for understanding how Slim works and getting good coverage.

[presidentbeef]

Okay, found one. Will work on later this week.

[presidentbeef]

Cool, now everyone please test #271 :)

[presidentbeef]

Merged in #271